Joseph Rowntree Reform Trust Study on the Database State in the UK
The Joseph Rowntree Reform Trust released a report (pdf), “The Database State – scrap it, fix it or keep it?” BBC News has a good story on the report, and there are various other news stories covering the study. From the executive summary:
In recent years, the Government has built or extended many central databases that hold information on every aspect of our lives, from health and education to welfare, law–enforcement and tax. This ‘Transformational Government’ programme was supposed to make public services better or cheaper, but it has been repeatedly challenged by controversies over effectiveness, privacy, legality and cost.
Many question the consequences of giving increasing numbers of civil servants daily access to our personal information. Objections range from cost through efficiency to privacy. The emphasis on data capture, form-filling, mechanical assessment and profiling damages professional responsibility and alienates the citizen from the state. Over two-thirds of the population no longer trust the government with their personal data.
This report charts these databases, creating the most comprehensive map so far of what has become Britain’s Database State.
All of these systems had a rationale and purpose. But this report shows how, in too many cases, the public are neither served nor protected by the increasingly complex and intrusive holdings of personal information invading every aspect of our lives.
The report assesses 46 databases across the major government departments, and finds that:
- A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.
- Fewer than 15% of the public databases assessed in this report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.
- Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.
- The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.
- The UK public sector spends over £16 billion a year on IT. Over £100 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.
This report surveys the main UK government databases and assesses them using a traffic-light system: Red, amber, green.
Red means that a database is almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned. The collection and sharing of sensitive personal data may be disproportionate, or done without our consent, or without a proper legal basis; or there may be other major privacy or operational problems. Most of these systems already have a high public profile. One of them (the National DNA Database) has been condemned by the European Court of Human Rights, and both the Conservative Party and Liberal Democrats have promised to scrap many of the others.
The red systems are:
- the National DNA Database, which holds DNA profiles for approximately 4 million individuals, over half a million of whom are innocent (they have not been convicted, reprimanded, given a final warning or cautioned, and have no proceedings pending against them) – including more than 39,000 children;
- the National Identity Register, which will store biographical information, biometric data and administrative data linked to the use of an ID card;
- ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;
- the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;
- the electronicCommon Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;
- ONSET, which is a Home Office system that gathers information from many sources and seeks to predict which children will offend in the future;
- the DWP’s cross-departmental data sharing programme, which involves sharing large amounts of personal information with other government departments and the private sector;
- the Audit Commission’s National Fraud Initiative, which collects sensitive information from many different sources and under the Serious and Organised Crime Act 2007 is absolved from any breaches of confidentiality;
- the communications database and other aspects of the Interception Modernisation Programme, which will hold everyone’s communication traffic data such as itemised phone bills, email headers and mobile phone location history; and
- the Prüm Framework, which allows law enforcement information to be shared between EU Member States without proper data protection.
Possibly related posts: